Brave browser to block “open in app” prompts, pool-party attacks


The next major version of the privacy-focused Brave browser will start blocking annoyances like “open in app” prompts and will feature better protections against pool-party attacks.

Obtrusive “open in app” pop-ups aim to take visitors to a space where browsers’ privacy protections features do not apply, allowing the app author to freely gather extensive user data.

Brave will now block this annoyance starting version 1.49 for Windows and Android (already available on iOS since v1.44), allowing users to browse the web without unexpected interruptions.

Reddit prompt to visit the site through the app
Reddit prompt to visit the site through the app (Brave)

“Brave will hide “open in app” annoyances by enabling the “Fanboy’s Mobile Notifications List,” maintained in part by folks working at Brave,” the software developer informs.

Users can disable the feature from the settings menu by deactivating the “Fanboy’s Mobile Notifications List” under the custom and regional filters.

MSN suggesting the visitor to read news item on app
MSN suggesting to read news item on app
(BleepingComputer)

Brave version 1.49 will also add protections against “pool-party” attacks that aim to persistently track users by abusing characteristics in the implementation of browser features.

A pool-party attack can help attackers to track their targets’ browsing behavior across website. They require limited shared resources, or “pools,” to create side channels that allow tracking and circumvent privacy protections in browsers.

Pool-party attacks are powerful, pervasive, and practical. Unfortunately, they appear to impact all modern web browsers, including Brave.

Although Brave had updated its defenses against these attacks in version 1.35, its engineers have found that sites now employ alternative ways that can bypass existing protections.

Another feature planned for version 1.49 is partial support for procedural cosmetic filters, which are used to specify which page elements should be hidden when blocking ads.

For starters, Brave supports two of the most popular procedural cosmetic filters, but there are plans to add more in future releases.

Finally, Brave version 1.50 for Android will introduce more screen attribute-based fingerprinting protections to prevent sites from profiling and tracking users based on their device screen size.

Brave will now prevent trackers from accessing screen size and browser position and will report slightly different randomized values to each site for each browser session, making persistent tracking impossible.



Source link